Evan Daniel wrote:
> The nodes using rejectoverload is insufficient, I think -- they'll
> reject the attacker's requests and real requests with similar
> probability, and so performance for real requests will degrade
> substantially. Now the attacker only needs resources comparable to
> the bottlenecks; they don't even have to know where those bottlenecks
> are in order to seriously degrade the network topology.

Are you sure RejectedOverload isn't adequate? If a gateway node becomes overloaded, the other nodes in both subnets will route around it, so traffic will stop crossing between the subnets but routing within each subnet should continue to work. AFAICS it would only be a problem if the gateway node was unavoidable in one or both of the subnets (eg ring topology with no shortcuts).

Cheers,
Michael
